SPRING Working Group R. Gandhi, Ed.
Internet-Draft C. Filsfils
Intended Status: Standards Track Cisco Systems, Inc.
Expires: August 18, 2019 D. Voyer
Bell Canada
S. Salsano
Universita di Roma "Tor Vergata"
P. L. Ventre
CNIT
M. Chen
Huawei
February 14, 2019
In-band Performance Measurement Using UDP Path
for Segment Routing Networks
draft-gandhi-spring-rfc6374-srpm-udp-00
Abstract
Segment Routing (SR) is applicable to both Multiprotocol Label
Switching (SR-MPLS) and IPv6 (SRv6) data planes. This document
specifies procedures for using a UDP path for sending and processing
in-band probe query and response messages for Performance
Measurement. The procedure uses the mechanisms defined in RFC 6374
for Delay and Loss performance measurement. The procedure specified
is applicable to SR-MPLS and SRv6 data planes, for both link and
end-to-end measurement of SR Policies. In addition, this document
defines a Return Path TLV for two-way performance measurement and a
Block Number TLV for loss measurement.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
Copyright Notice
Gandhi, et al. Expires August 18, 2019 [Page 1]

Internet-Draft RFC 6374 UDP Path for Segment Routing February 14, 2019
messages over a UDP return path for RFC 6374 based probe queries.
[RFC7876] can be used to send out-of-band PM probe responses in both
SR-MPLS and SRv6 networks for one-way performance measurement.
For SR Policies, there are ECMPs between the source and transit
nodes, between transit nodes, and between transit and destination
nodes. Existing PM protocols (e.g., RFC 6374) do not define handling
for ECMP forwarding paths in SR networks.
For two-way measurements of SR Policies, there is a need to specify
a return path, in the form of a Segment List, in the PM probe query
messages without requiring any SR Policy state on the destination
node. Existing protocols have no such mechanism to specify a return
path in the PM probe query messages.
This document specifies a procedure for using a UDP path for sending
and processing in-band probe query and response messages for
Performance Measurement that does not require PM sessions to be
bootstrapped. The procedure uses the mechanisms defined in RFC 6374
for Delay and Loss PM and, unless otherwise specified, the
procedures from RFC 6374 are not modified. The procedure specified
is applicable to both SR-MPLS and SRv6 data planes. The procedure
can be used for both SR links and end-to-end performance measurement
of SR Policies. This document also defines mechanisms for handling
Equal Cost Multipaths (ECMPs) of SR Policies for delay measurement.
In addition, this document defines a Return Path TLV for two-way
performance measurement, a Block Number TLV for loss measurement and
a Sequence Number TLV.
2. Conventions Used in This Document
2.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119] [RFC8174]
when, and only when, they appear in all capitals, as shown here.
2.2. Abbreviations
ACH: Associated Channel Header.
BSID: Binding Segment ID.
DFLag: Data Format Flag.
DM: Delay Measurement.
between transit nodes and between transit and destination nodes.
Usage of an Anycast SID [RFC8402] by an SR Policy can result in ECMP
paths via the transit nodes that are part of that Anycast group. The
PM probe messages need to be sent such that they traverse the
different ECMP paths in order to measure the delay of an SR Policy.
The forwarding plane has various hashing functions available to
forward packets on specific ECMP paths. The following mechanisms can
be used in PM probe messages to take advantage of the hashing
function in the forwarding plane and influence the path they take.
o The mechanisms described in [RFC8029] [RFC5884] for handling ECMPs
are also applicable to performance measurement. In the IP/UDP
header of the PM probe messages, Destination Addresses in the
127/8 range for IPv4 or the 0:0:0:0:0:FFFF:7F00/104 range for IPv6
can be used to exercise a particular ECMP path. As specified in
[RFC6437], the 3-tuple of the Flow Label, Source Address and
Destination Address fields in the IPv6 header can also be used.
o For SR-MPLS, an entropy label [RFC6790] in the PM probe messages
can be used.
o For SRv6, the Flow Label in the IPv6 header of the PM probe
messages can be used [I-D.6man-segment-routing-header].
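As an added example (not code from the draft), the following Python
models the querier-side procedure the mechanisms above imply. The
forwarding-plane hash is vendor-specific and not known to the
querier, so it is represented here by an arbitrary stand-in function
(an assumption made only to have something deterministic to run);
the querier's strategy does not depend on it. The querier varies one
header field within the permitted range, the destination address
within 127/8 or 0:0:0:0:0:FFFF:7F00/104, or the IPv6 Flow Label, and
stops when every next-hop has been exercised or a probe budget is
exhausted. All addresses, ports and budgets are constructed for the
example; no assigned UDP port is implied.

```python
"""Exercising the ECMP paths of an SR Policy with PM probes.

Added example, not code from the draft. ecmp_bucket() is a stand-in for a
router's load-balancing hash (assumption); real hashes differ per vendor and
per platform, which is exactly why the querier sweeps instead of predicting.
"""
import hashlib
import ipaddress

# Destination ranges the draft permits for this purpose (from RFC 8029).
PROBE_RANGES = (ipaddress.ip_network("127.0.0.0/8"),
                ipaddress.ip_network("::ffff:7f00:0/104"))


def ecmp_bucket(src, dst, sport, dport, flow_label, n_paths):
    """Stand-in for the forwarding-plane hash over the IP/UDP header fields."""
    key = f"{src}|{dst}|{sport}|{dport}|{flow_label}".encode()
    digest = hashlib.blake2b(key, digest_size=4).digest()
    return int.from_bytes(digest, "big") % n_paths


def is_probe_destination(addr):
    """True when addr lies in 127/8 (IPv4) or ::ffff:7f00:0/104 (IPv6)."""
    a = ipaddress.ip_address(addr)
    return any(a in net for net in PROBE_RANGES)


def probe_destinations(ipv6=False):
    """Generate candidate destination addresses from the permitted range."""
    base = ipaddress.ip_address("::ffff:127.0.0.1" if ipv6 else "127.0.0.1")
    i = 0
    while True:
        yield str(base + i)
        i += 1


def cover_by_destination(n_paths, src, sport, dport, budget=256, ipv6=False):
    """Sweep the destination address, keeping the first address that lands in
    each ECMP bucket. Returns {bucket: destination}; a bucket missing after
    the budget is a path that could not be exercised this way."""
    covered = {}
    for sent, dst in enumerate(probe_destinations(ipv6)):
        if sent >= budget or len(covered) == n_paths:
            break
        covered.setdefault(ecmp_bucket(src, dst, sport, dport, 0, n_paths), dst)
    return covered


def cover_by_flow_label(n_paths, src, dst, sport, dport, budget=4096):
    """SRv6 variant: keep the addresses fixed and sweep the 20-bit Flow Label."""
    covered = {}
    for flow_label in range(min(budget, 1 << 20)):
        if len(covered) == n_paths:
            break
        bucket = ecmp_bucket(src, dst, sport, dport, flow_label, n_paths)
        covered.setdefault(bucket, flow_label)
    return covered


if __name__ == "__main__":
    # Constructed addresses and ports; no assigned PM port is implied.
    print("destination sweep:", cover_by_destination(4, "192.0.2.1", 49152, 5000))
    print("flow-label sweep:",
          cover_by_flow_label(4, "2001:db8::1", "2001:db8::2", 49152, 5000))
```

The budget is the practical knob: with n paths and a well-distributed
hash, on the order of n*ln(n) probes are needed to hit every bucket,
and a bucket that is still missing when the budget runs out should be
reported as unmeasured rather than silently assumed covered. The
SR-MPLS entropy-label case is the same loop with the label value as
the varied field.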
6. Sequence Numbers
The message formats for DM and LM [RFC6374] can carry either a
timestamp or a sequence number, but not both. There are cases where
both a timestamp and a sequence number are desired for DM and LM.
Sequence numbers are useful when some probe query messages are lost
or arrive out of order. In addition, sequence numbers can be useful
for detecting denial-of-service (DoS) attacks on the UDP ports used
for PM.
6.1. Sequence Number TLV in Unauthenticated Mode
[RFC6374] defines DM and LM probe query and response messages that
can include one or more optional TLVs. A new TLV Type (value TBA3)
is defined in this document to carry a sequence number in probe
query and response messages for delay and loss measurement. The
format of the Sequence Number TLV is shown in Figure 10:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type TBA3 | Length | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number |
~ ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 10: Sequence Number TLV - Unauthenticated Mode
o The sequence numbers start at 0 and are incremented by one for
each subsequent probe query packet.
o The sequence numbers are independent for DM and LM messages.
o The sequence number can be of any length, as determined by the
querier node.
o The Sequence Number TLV is optional.
o The PM querier node SHOULD insert only one Sequence Number TLV in
the probe query message. The responder node SHOULD return the
first Sequence Number TLV from the probe query message in the probe
response message and ignore any other Sequence Number TLVs that are
present.
o When a Sequence Number TLV is added, the DM and LM messages SHOULD
NOT carry a sequence number in the timestamp field of the message.
6.2. Sequence Number TLV in Authenticated Mode
The PM probe query and reply packet format in authenticated mode
includes a keyed Hashed Message Authentication Code (HMAC)
[RFC2104]. Each probe query and reply message is authenticated by
adding a Sequence Number with HMAC TLV. It uses HMAC-SHA-256
truncated to 128 bits (as in its use for IPsec defined in
[RFC4868]); hence the length of the HMAC field is 16 octets. The
HMAC uses its own key; the mechanism to distribute the HMAC key is
outside the scope of this document.
In authenticated mode, the HMAC protects the integrity of the
sequence number. It does not provide confidentiality: all payload
fields, including the sequence number, are sent in clear text. The
probe packet MAY include a Comp.MBZ (Must Be Zero) variable-length
field to align the packet on a 16-octet boundary.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type TBA4 | Length | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number |
~ ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
~ Comp.MBZ ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| HMAC (16 octets) |
| |
| |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 11: Sequence Number TLV - Authenticated Mode
o This TLV is mandatory in authenticated mode.
o The node MUST discard the probe message if the HMAC is invalid.
o The Sequence Number follows the same processing rules as defined
for the unauthenticated mode.
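The following is an added example, not code from the draft, that
builds and parses the Sequence Number TLV of Section 6.1 and its
authenticated form of Section 6.2 and applies the responder rules of
both sections (first TLV returned, later ones ignored, probe
discarded on HMAC failure). Points the draft leaves open are fixed by
assumption and marked as such in the code: TBA3/TBA4 are unallocated
(placeholders 250 and 251 are used), the Length field is taken to
count every octet after it including Reserved, the HMAC is taken to
cover the TLV octets preceding the HMAC field, Comp.MBZ pads the
Type..Sequence Number octets to a 16-octet boundary, and the sequence
number width is a per-session constant known to both ends. The key
is a constructed value; key distribution is out of scope, as in the
draft.

```python
"""Sequence Number TLV (Sections 6.1 and 6.2): build, parse, respond.

Added example, not code from the draft. Assumptions:
  * TBA3/TBA4 are not yet allocated; 250 and 251 are placeholders.
  * Length counts every octet after the Length field (Reserved included).
  * The HMAC covers the TLV octets that precede the HMAC field.
  * Comp.MBZ pads Type..Sequence Number to a 16-octet boundary.
  * The sequence number width is a per-session constant (default 4).
"""
import hashlib
import hmac
import struct

TYPE_SEQ_UNAUTH = 250        # placeholder for TBA3 (assumption)
TYPE_SEQ_AUTH = 251          # placeholder for TBA4 (assumption)
HMAC_LEN = 16                # HMAC-SHA-256 truncated to 128 bits, RFC 4868 style
HDR = struct.Struct("!BBH")  # Type, Length, Reserved


def build_seq_tlv(seq, seq_len=4):
    """Unauthenticated Sequence Number TLV (Figure 10)."""
    value = seq.to_bytes(seq_len, "big")
    return HDR.pack(TYPE_SEQ_UNAUTH, 2 + len(value), 0) + value


def build_seq_tlv_auth(seq, key, seq_len=4):
    """Authenticated Sequence Number TLV (Figure 11): header, sequence number,
    Comp.MBZ padding, then the truncated HMAC over everything before it."""
    value = seq.to_bytes(seq_len, "big")
    mbz = b"\x00" * ((-(HDR.size + len(value))) % 16)
    header = HDR.pack(TYPE_SEQ_AUTH, 2 + len(value) + len(mbz) + HMAC_LEN, 0)
    mac = hmac.new(key, header + value + mbz, hashlib.sha256).digest()[:HMAC_LEN]
    return header + value + mbz + mac


def parse_tlvs(buf):
    """Split an RFC 6374 TLV list into (type, raw_tlv) pairs; reject truncation
    instead of reading past the end of the packet."""
    tlvs, off = [], 0
    while off < len(buf):
        if len(buf) - off < HDR.size:
            raise ValueError("truncated TLV header")
        tlv_type, length, _reserved = HDR.unpack_from(buf, off)
        end = off + 2 + length
        if length < 2 or end > len(buf):
            raise ValueError("bad TLV length")
        tlvs.append((tlv_type, buf[off:end]))
        off = end
    return tlvs


def verify_seq_tlv_auth(raw, key, seq_len=4):
    """Return the sequence number, or None when the HMAC does not verify."""
    if key is None or len(raw) < HDR.size + seq_len + HMAC_LEN:
        return None
    covered, mac = raw[:-HMAC_LEN], raw[-HMAC_LEN:]
    expected = hmac.new(key, covered, hashlib.sha256).digest()[:HMAC_LEN]
    if not hmac.compare_digest(mac, expected):   # constant-time comparison
        return None
    return int.from_bytes(raw[HDR.size:HDR.size + seq_len], "big")


def responder_seq_tlv(query_tlvs, key=None, seq_len=4):
    """Responder rules from Section 6: return the TLV to put in the response,
    b"" when the optional TLV is absent, or None when the probe MUST be
    discarded because its HMAC is invalid. Only the first Sequence Number
    TLV counts; later ones are ignored."""
    for tlv_type, raw in query_tlvs:
        if tlv_type == TYPE_SEQ_UNAUTH:
            return raw
        if tlv_type == TYPE_SEQ_AUTH:
            seq = verify_seq_tlv_auth(raw, key, seq_len)
            if seq is None:
                return None
            return build_seq_tlv_auth(seq, key, seq_len)  # the reply is authenticated too
    return b""


if __name__ == "__main__":
    key = b"example-shared-key"                    # constructed; distribution out of scope
    query = build_seq_tlv(7) + build_seq_tlv(8)    # two TLVs: only the first is echoed
    print(responder_seq_tlv(parse_tlvs(query)).hex())
    auth = build_seq_tlv_auth(9, key)
    tampered = auth[:5] + bytes([auth[5] ^ 0x01]) + auth[6:]   # flip one sequence bit
    print(responder_seq_tlv(parse_tlvs(auth), key) == auth,
          responder_seq_tlv(parse_tlvs(tampered), key))
```

One consequence of the Figure 11 layout is worth noting when
implementing it: because Comp.MBZ directly follows a sequence number
of querier-chosen length and the TLV carries no separate length for
the sequence number, a responder in authenticated mode can only
recover the sequence number if its width is agreed out of band, which
is why the example treats it as a per-session constant.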
7. Security Considerations
The performance measurement is intended for deployment in
well-managed private and service provider networks. As such, it
assumes that a node involved in a measurement operation has
previously verified the integrity of the path and the identity of
the far-end responder node. The security considerations described
in Section 8 of [RFC6374] are applicable to this specification, and
particular attention should be paid to the last three paragraphs.
Use of HMAC-SHA-256 in the authenticated mode defined in this
document protects the data integrity of the probe messages. SRv6 has
HMAC authentication defined for the SRH
[I-D.6man-segment-routing-header]; hence, PM probe messages for SRv6
may not need the authenticated mode. Note, however, that the SRH
HMAC covers the SRH fields and the IPv6 Source Address, not the UDP
payload: an operator relying on it alone accepts that the PM payload
(timestamps, counters and sequence numbers) is not integrity
protected. Cryptographic measures may be complemented by the correct
configuration of access-control lists and firewalls.
8. IANA Considerations
IANA is requested to allocate values for the following Return Path
TLV Type for RFC 6374 to be carried in PM probe query messages: